Target on Wednesday evening said investigators found hackers stole credentials from a vendor to access the retailer's systems and pilfer about 40 million debit and credit card numbers as well as personal information for another 70 million people.
A spokeswoman declined to give more details, such as the vendor's identity or how the hackers stole the credentials, citing the ongoing the investigation. Target says that since it confirmed the breach on December 15, it has taken extra precautions such as limiting or updating access to some platforms.
Last week, some card numbers of Target customers from South Texas turned up in the arrest of a pair of Mexican citizens at the U.S.-Mexico border. But experts believe the attack's original perpetrators will be difficult to locate.